The US Senate has issued a report calling for the online advertising industry to improve its security against malware attacks, and for lawmakers to legislate tougher penalties should it fail to do so.
The Committee on Homeland Security and Governmental Affairs said that the advertising landscape as it now exists "makes it …

Re: Better yet

Re: Better yet

Make companies responsible for negligence and their incompetence. Then they would act in much more defensive ways rather than simply shucking the blame.

All of the other suggestions (at least so far) are kind of stupid for a lot of reasons, but I'm just going to focus on what I regard as the most obvious one. Children are naive and innocent and need to be protected from vicious criminals while they are growing up and learning how to defend themselves. If that isn't enough, then how many times do you want to recover your children's computers from being pwned by attack ads from websites with drive-by malware installers?

P.S. I mostly blame Microsoft for so firmly establishing the no-liability EULA. I offer two observations: (1) If Microsoft were held accountable for all of the economic damage inflicted by their mistakes, then they would be bankrupt. (2) If they faced the threat of liability for their mistakes, they would design MUCH better software. Perhaps the initial progress would have been slower, but what we have now is clearly a rotten house built on a rotten foundation. After 10 years of so-called security initiatives, yesterday's "routine" patches were more than 100 MB.

Better Better yet

Re: Better yet

Blame Netscape and Macromedia first and second and sorting out which was worse will take some serious drinking time. All of the evil bits came from those two players. And if you want to sue them? Good luck. The former is now the Mozilla Foundation, the latter Adobe. [Ever hear of Flash?] Try you revisionism on someone else that wasn't alive back then or at least not in short pants. Sheesh!

Re: Better yet

On the whole responsibility/accountability thang? Right there with you. A bug or security hole in my code could cost lives, cause millions of dollars worth of damages, &c. For me, life in prison or the gallows was a very real consequence of my fucking up. Everything was proven, reliable, no holes, and so forth. I'd rather not spend my life in prison, being guarded by a bunch of pissed off Marines or hanging.

Re: Better yet

Not necessarily the problem. I recall building out a system once and failing to make my standard adjustment of switching the default for IE from MSN to Google. Fired it up to start the MS Update processs. It defaulted to MSN and ...

BOOM ! ! ! !

The malware Antivirus/Spyware 2005 (or some such year) was installed on the PC. I just turned it off and started over.

@ Shannon Jacobs

Oh joy!!!

Congress is going to legislate. $DEITY knows what we'll end up with. Mandated browsers? Mandated software? Some bloated bureaucracy with too much time and money on it's hands that will only cobble things beyond belief??? And naturally, it will all be monitored (unofficially of course) by the NSA and friendly security agencies everywhere.

Re: Oh joy!!!

Re: Oh joy!!!

"The Committee on Homeland Security and Governmental Affairs said that the advertising landscape as it now exists "makes it impossible" for users to be protected against malware attacks while visiting sites."

First failure. A committee examines something.

Death to all facts, politics will bring consensus on non-reality. Insanity ensues.

That is the US, *normally*. Today, see suggestions of thermonuclear cleaning of something that is insane in the extreme to even have a nightmare about just visiting, let alone evaporating.

Frankly, I think a few well heeled folks have some, erm, issues. They want to vent their spleen *and* want to vent their political views.

Now, that really isn't a biggie, but when one vents one's spleen in a nationally destructive and internationally destructive way, that *is* a biggie!

The problem is, a substantial part of the US far right is of the insanity crowd. The other problem is, they are a massive minority, the reality is far different.

But, the US also has the best government that money can buy, buy Supreme Court decision.

Leaving us with scorched earth for all.

Figure the way out, I welcome you! I'm out of altitude, velocity and ideas.

Protection against malvertising ..

"The Committee on Homeland Security and Governmental Affairs said that the advertising landscape as it now exists "makes it impossible" for users to be protected against malware attacks while visiting sites."

Re: Protection against malvertising ..

On x86 I've been doing something similar here since VMWare Workstation v1.03. Boot up an instance of something and toss, do not save, the instance. Grab a copy of the Golden-Image for the next session. The host OS doesn't matter much, if at all. Pretty hard to break out of a VM although if anyone can, NoSuchAgency might be the ones who can.

Re: Protection against malvertising ..

Advertising Industry + Tech + Congress

Its nice to see our millionaire overlords finally get the wake up call to do something about advertising's dirty laundry... I wonder how many of them got hit personally before they decided to do something? I recall a line from an Ad-man: FB and Google are advertising companies masquerading as tech companies....

A decent article which breaks down the problem and has some choice quotes...

This story brought a brief moment of blissful Schadenfreude

"Yahoo’s advertising network was compromised in December by hackers, resulting in a virus being installed on computers of users when they visited ads on legitimate websites, according to a report released by Levin’s panel. In February, cybercriminals carried out a similar attack on Google’s YouTube video service through an ad delivered by the company, the report found. "

I'm so sick of online advertisers peddling self-righteous crap about 'expanding the user experience' when we all know its about $$$ only......

Do not do evil, doubleclick

All these ad sites should be blocked. The easiest way is to only surf with Firefox with NoScript and AdBlock Plus extensions. An added protection is provided by SpywareBlaster from Javacool Software. It includes 16,977 protections for no charge from things like AdRevolver and DoubleClick.